Many Windows users are on limited or metered Internet connections. Microsoft is not only consuming storage space but also using users' Internet bandwidth for large unrequested files, as the Windows 10 installer downloads up to 6 gigabytes.

So, here are some methods that you can use to stop Microsoft from automatically downloading Windows 10 installation files.

Method 1

This method is applicable for both Windows 7 and Windows 8.1 users and specifically targets the Windows 10 download files.

Install the KB3065987 (for Windows 7) or KB3065988 (for Windows 8.1) update from Microsoft's official website, depending on the operating system you are using.

Now restart your computer and open the Registry Editor (search for Regedit).

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows.

Right-click "Windows", select New, then Key, and type "WindowsUpdate".

Click on the newly created "WindowsUpdate" key and create a 32-bit DWORD called "DisableOSUpgrade" with a value of 1.

Restart your computer. That's it.
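The registry steps above can also be scripted. This is an added example, not part of the original article; it assumes an elevated PowerShell prompt and that the KB update for your system is already installed. The function names are hypothetical.

```powershell
# Added example: create the DisableOSUpgrade policy value from Method 1 and verify it.
# Run elevated; writing under HKLM requires administrator rights.
$parent = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$name   = 'DisableOSUpgrade'

function Set-DisableOSUpgrade {
    # Create the WindowsUpdate key only when it is missing, so that any
    # policy values already stored under it are left untouched.
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $parent -Name 'WindowsUpdate' | Out-Null
    }
    # -Force replaces an existing value of any type with a 32-bit DWORD of 1.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-DisableOSUpgrade {
    # True only if the value exists, is a DWORD, and equals 1.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    $kind = (Get-Item -Path $key).GetValueKind($name)
    return ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $item.$name -eq 1)
}

Set-DisableOSUpgrade
if (Test-DisableOSUpgrade) {
    Write-Output 'DisableOSUpgrade = 1 (DWORD) is set. Restart to apply.'
} else {
    Write-Warning 'DisableOSUpgrade is missing or has the wrong type or value.'
}
```

Running only `Test-DisableOSUpgrade` later is a quick way to confirm that the setting is still in place.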

Method 2

Both Windows 7 and Windows 8.1 users can simply choose to disable downloading of all Windows updates.

Once selected, Windows Update will notify you of updates, and you have to manually choose to install each and every update.

Method 3

The third method is only for Windows 8.1 users. Windows 8.1 has a setting for metered connections, but it only works for Wi‑Fi and mobile broadband networks, not for users connected with Ethernet cables.

Click on the networks icon in the bottom right

Right-click the connection you are using

Choose "Set as metered connection"

The other way is to:

Type "PC settings" into the Start Screen

Select Network

Select Connections

Now choose the connection you want to change

Turn on "Set as a metered connection" under Data usage

Either way, Windows Update will not download large updates over this connection anymore.

Malware is nothing but malicious files stored on an infected computer system in order to damage the system, steal sensitive data from it, or perform other malicious activities. But security researchers have uncovered a new and sophisticated piece of malware that infects systems and steals data without installing any file onto the targeted system.

Researchers dubbed this persistent malware Poweliks. It resides in the computer registry only and is therefore not as easily detectable as typical malware that installs files on the affected system, which can be scanned by antivirus or anti-malware software.

According to Paul Rascagneres, Senior Threat Researcher and malware analyst at GData Software, the malware executes its code in successive steps, one after another, so its feature set resembles the stacking principle of a Matryoshka doll.

Paul has made a name for himself ripping apart malware and bots to uncover and undermine cyber crimes. He won last year's Pwnie Award at Black Hat Las Vegas for tearing through the infrastructure of Chinese hacker group APT1.

To infect a system, the malware spreads via email through a malicious Microsoft Word document. It then creates an encoded autostart registry key and, to remain undetected, keeps that registry key hidden, Rascagneres says.

The malware then creates and executes shellcode, along with a payload Windows binary that tries to connect to 'hard coded IP addresses' in an effort to receive further commands from the attacker.

"All activities are stored in the registry. No file is ever created," Rascagneres said in a blog post. "So, attackers are able to circumvent classic anti-malware file scan techniques with such an approach and are able to carry out any desired action when they reach the innermost layer of [a machine] even after a system re-boot."

"To prevent attacks like this, antivirus solutions have to either catch the initial Word document before it is executed (if there is one), preferably before it reached the customer's email inbox."

To create an autostart mechanism, the malware creates a registry key whose name contains a non-ASCII character, because Windows Regedit cannot read or open the non-ASCII key entry.

CAPABILITIES OF POWELIKS MALWARE

Poweliks malware is quite dangerous and can perform a number of malicious activities. The malware can:

Download any payload

Install spyware on the infected computer to harvest users’ personal information or business documents

Install banking Trojans in order to steal money

Install any other type of malicious software that can fulfil the needs of the attackers

Be used in botnet structures

Generate immense revenue through ad fraud

The non-ASCII trick is a tool which Microsoft created and uses in order to hide its source code from being copied or tampered with, but this feature was later cracked by a security researcher.

Security and malware researchers on the KernelMode.info forum last month analysed a sample that was dropped by a Microsoft Word document exploiting the vulnerability described in CVE-2012-0158, which affected Microsoft products including Microsoft Office.

"This trick prevents a lot of tools from processing this malicious entry at all and it could generate a lot of trouble for incident response teams during the analysis. The mechanism can be used to start any program on the infected system and this makes it very powerful," Rascagneres said.
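For incident responders, one way to look for the kind of non-ASCII autostart entry described above is to list autostart value names by code point instead of relying on how a tool renders them. This is an added example, not code from the article or from the researchers; the four Run/RunOnce keys are an assumption (the article does not say which autostart key is used) and the function names are hypothetical.

```powershell
# Added example: flag autostart value names that contain characters outside printable ASCII.
# Assumption: the standard Run/RunOnce keys; the article does not name the key.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-SuspiciousName([string]$Name) {
    # The unnamed (Default) value has an empty name and passes the check.
    foreach ($ch in $Name.ToCharArray()) {
        $code = [int]$ch
        if ($code -lt 0x20 -or $code -gt 0x7E) { return $true }
    }
    return $false
}

function Get-SuspiciousAutostart {
    foreach ($path in $runKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            if (-not (Test-SuspiciousName $name)) { continue }
            # Report the name as hex code points so it can be logged even if it does not render.
            $hex = ($name.ToCharArray() | ForEach-Object { '{0:X4}' -f [int]$_ }) -join ' '
            try   { $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames') }
            catch { $data = '<unreadable: ' + $_.Exception.Message + '>' }
            New-Object PSObject -Property @{ Key = $path; NameHex = $hex; Data = $data }
        }
    }
}

# Constructed names that exercise the check without touching the registry.
$constructed = @('Updater', "Upd$([char]0x00E9)ter", "Run$([char]0x0001)")
foreach ($n in $constructed) {
    '{0,-5} {1}' -f (Test-SuspiciousName $n), (($n.ToCharArray() | ForEach-Object { '{0:X4}' -f [int]$_ }) -join ' ')
}

# Audit the live registry of the current machine and user.
Get-SuspiciousAutostart | Format-List Key, NameHex, Data
```

A hit is a lead for triage rather than a verdict, since legitimate software can register localized names. An empty result does not clear a machine either, because whether an entry that Regedit cannot open is visible through this API depends on how its name was crafted.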

Japanese police arrested three people, accusing them of making death threats via email and discussion forums. However, researchers at Symantec later determined that a piece of malware was making death and bomb threats online on behalf of its infected victims.

Symantec confirmed that the malware "Backdoor.Rabasheeta" is capable of controlling a compromised computer from a remote location, and that its creator can command the malware to make threats such as bomb and murder threats. The most curious thing about this particular dropper is that it comes with a graphical user interface (GUI).

The dropper for Backdoor.Rabasheeta drops a main module and a configuration file. The dropper creates a registry entry so that the main module is executed whenever the compromised computer starts. This dropper also modifies CreationTime, LastWriteTime, and LastAccessTime of the main module with random values to help keep it hidden. Then the dropper will execute the main module before removing itself from the computer.
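Randomised timestamps like those described above can leave values that are implausible on their own or in combination. The following triage check is an added example, not Symantec's analysis or detection logic; the floor date, the one-day tolerance, the function name and the sample records are assumptions constructed for illustration.

```powershell
# Added example: heuristic check for implausible CreationTime / LastWriteTime / LastAccessTime.
function Get-TimestampAnomaly {
    param(
        [Parameter(Mandatory = $true)] $File,          # FileInfo or any object with the three fields
        [datetime] $Floor = [datetime]'2001-01-01',    # assumed earliest plausible date; adjust per host
        [datetime] $Now   = (Get-Date)
    )
    $reasons = @()
    foreach ($field in 'CreationTime', 'LastWriteTime', 'LastAccessTime') {
        $t = [datetime]$File.$field
        # One day of tolerance absorbs clock skew and time zone differences.
        if ($t -gt $Now.AddDays(1)) { $reasons += "$field is in the future" }
        if ($t -lt $Floor)          { $reasons += "$field is before $($Floor.ToString('yyyy-MM-dd'))" }
    }
    # A file that was last accessed before it was created is inconsistent.
    if ([datetime]$File.LastAccessTime -lt [datetime]$File.CreationTime) {
        $reasons += 'LastAccessTime precedes CreationTime'
    }
    return ($reasons -join '; ')   # empty string means no anomaly found
}

# Constructed records standing in for files; the names and dates are not from any real sample.
$now = [datetime]'2012-11-01'
$samples = @(
    New-Object PSObject -Property @{ Name = 'plausible.exe'
        CreationTime = [datetime]'2012-06-01'; LastWriteTime = [datetime]'2012-06-01'; LastAccessTime = [datetime]'2012-06-02' }
    New-Object PSObject -Property @{ Name = 'randomised.exe'
        CreationTime = [datetime]'2019-03-14'; LastWriteTime = [datetime]'1994-08-02'; LastAccessTime = [datetime]'2007-01-20' }
)
foreach ($s in $samples) {
    $result = Get-TimestampAnomaly -File $s -Now $now
    if ($result) { "$($s.Name): $result" } else { "$($s.Name): no anomaly" }
}

# On a live system, feed it real files (the directory is up to you), for example:
# Get-ChildItem $env:APPDATA -Recurse -Include *.exe,*.dll | Where-Object { Get-TimestampAnomaly -File $_ }
```

Random values that happen to fall in a plausible range pass this check, so it complements rather than replaces a review of what the autostart registry entries point to.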

Because some string of characters used to process encrypted communication with the creator is in Japanese, Symantec believes the creator is most likely a person who has a good understanding of the Japanese language.

Symantec has also acquired a third variant of this threat. The version number of this variant is 2.0. It is practically identical to version 2.23 and there are no noticeable differences between the two.

Police are currently investigating the connection between the threats and the malware. The structure and functions of Backdoor.Rabasheeta are not advanced compared to modern malware. However, it is still capable of surreptitiously opening a back door on a compromised computer. To protect against this type of threat, users should use caution when downloading software from unknown sources. Do not click on suspicious links or attachments in emails.